A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over Azure environments. Contrary to common assumptions, Entra B2B guest…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in a thorough technical research carried out by eSentire’s Threat Response Unit (TRU) during 2024 and 2025. This loader, favored…
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers to obtain valid certificates from the Icinga Certificate Authority (CA),…
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are…
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active…
New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps
Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only communication but also payments, business, and personal data exchange. However, their ubiquity and complexity make them prime targets for sophisticated cyberattacks. This article explores how a…
Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors
A recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual environments. Affected systems display a recovery error with code…
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047—allow attackers to gain root-level access through a chain of authenticated attacks, with…
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking pirated software, cybercriminals trick unsuspecting viewers into executing malicious PowerShell commands. These commands download dangerous…
Novel Malware Evades Detection by Skipping PE Header in Windows
Researchers have identified a sophisticated new strain of malware that bypasses traditional detection mechanisms by entirely omitting the Portable Executable (PE) header in Windows environments. This innovative evasion tactic represents a significant shift in how malicious software can infiltrate systems,…